unified threat management, managed security, and the cloud
TRANSCRIPT
Unified Threat Management,Managed Security, and the CloudServices Model
Kurtis E. Minder CISSPGlobal Account Manager - Service Provider GroupFortinet, Inc.
IntroductionKurtis E. Minder, Technical Sales Professional
Companies: Roles:•Security Design Engineer
•Systems Engineer
•Sales Engineer
•Salesperson
•Business Development
•Global Account Manager
Actual work:•Installation / Configuration
•Design
•Support
•Product development / POC
•Audit
•Penetration testing
•Sales / BD
Agenda
• Security Overview / Appliance Primer• Unified Threat Management• Managed Security Services• Cloud Security• Questions
Security Overview / Appliance Primer
Firewalls
The Firewall was adopted to protect corporate networks from would-beInternet attackers.
• Firewalls, deployed in-line, typically use a set of network layer rules todetermine what traffic can enter/leave the network.
• Improvements to Firewall technology have been largely limited toperformance. As bandwidth increased, Firewalls had to process faster.
(Some FW companies have increased app visibility)
• New technologies are increasing FW capability to inspect traffic faster andmore intelligently
Anti-VirusAnti-Virus provides software / desktop level risk management for
workstations in the enterprise.
• Uses malicious code signature database to determine whether workstationwas being attacked/compromised.
• Enterprise solutions evolved to provide central management and enhancedcapability for workstation control. (McAfee Enterprise Policy Orchestrator.)
• As larger AV vendors acquire new technologies, feature set improves (DLP,Encryption, Config Management)
VPNVPN (Virtual Private Networking) was adopted to provide
secure remote access to corporate networks.
• Provides remote access via IPSEC or SSL to the corporate network
• Enhanced features can include workstation integrity checks androle based access control
• Also is often used to provide connectivity between networks forbusiness to business transactions.
Intrusion Detection / Prevention
IDS was developed to detect attacks on the network and alertthe security administrator
• IPS, typically inline, added the capability to stop the attackautomatically or manually
• IDS/IPS originally relied entirely on signatures, but evolved toinclude clever behavioral, heuristic-based algorithms to detect
threats
Content FilteringContent Filtering/Web Filtering emerged to increase worker
productivity and reduce workplace risk.
• Monitors web surfing and other application use leaving thecorporate network. Manages which websites each department can
use/see.
• Leverages policy to reduce risk of malicious injection of code intothe network/users browser.
• Some systems provide value added functions such as webacceleration / caching.
Data Loss PreventionData Loss Prevention (DLP) technology was developed as a
direct result of lost corporate information from inside thenetwork.
• DLP Technology uses a multi-faceted approach to solving the DataLeak problem, including network bases sensors, workstation
software, and complex policy management
• The technology is largely developed to keep corporate intellectualproperty and finance data from being distributed.
• Also used to maintain compliance initiatives around SOX, HIPAA;showing due diligence toward securing patient / customer data
Threat Evolution
Multi and Blended attacks arenow a common practice.
Email is the most commondelivery mechanism.
• The motive and intent ischanging Moving from notoriety to
financial gain. Theft of financial and personal
information.• Traditional security isn't
enough
• Malicious code exposing confidentialdata has increased significantly
The Traditional Approach to NetworkSecurity
Impact• High integration effort with multiple products
and vendors• Weak security due to lack of integration and
unified configuration• Operationally expensive to manage and
operate• Impractical and too expensive
First you buy routers, firewalls, VPNs, server load balancers…
Then you buy proxies, webfiltering, instant messagingsecurity, data loss prevention,tomorrow’s security product, andon and on.
Then you buy networkintrusion prevention, anti-virus, anti-malware, anti-spyware, anti-spam, anti-etc…
A New Security Architecture Is Required• Antispam
Reduce unwanted email
• Web filters Eliminated unproductive web-browsing
• VPN Delivering secure remote access
• Firewall Defend against intrusions
• Antivirus Protect email and web applications
from virus infection
• IPS Protect against malicious attacks
VPNVPN
IPSIPS
UsersUsers
ServersServersFirewallFirewall
AntivirusAntivirus
AntispamAntispam
URL FiltersURL Filters
• Real Disadvantages Requires multiple products that don’t
talk to each other Increases network complexity and
operational cost Non optimal security implementation
Multiple Point Solutions Add Complexity• Perceived Advantages
Comprehensive securityapproach
Quickly react to individualthreats
VPNVPN
IPSIPS
UsersUsers
ServersServersFirewallFirewall
AntivirusAntivirus
AntispamAntispam
URL FiltersURL Filters
Unified Threat Management
Security Market Evolution
Virtual private network(IPSec and SSL)
Firewall + VPN
Firewall
Secure ContentManagement
Antivirus
Antispyware
Web filtering
Messaging security
Intrusion Detection &Prevention
Intrusion detection system
Intrusion prevention system
Unified Threat ManagementFirewall Antivirus IPS Antispam Content Filtering VPN
UTM - Best treatment for Appliancitis
• Single hardware platform• Unified management interface• One vendor contract / contact• Single licensing agreement (..sometimes)• Reduced data center footprint• Power consumption reduction• Minimized point of failure/latency• Simplified network security architecture
Speeds and simplifies support and problem resolution Allows for more accurate policy development Quickly correlates events between components
• Blended threat protection!
From:
To:
UTM Box
(Small enterprise)
UTM Box for MSS and Clouds…
Managed Security Services
What is/are MSS?
Wikipedia defines Managed Security Services as simply…
“…network security services that have been outsourced. Acompany providing such a service is a ManagedSecurity Service Provider (MSSP)”
Typical reasons for engaging an MSSP to manage your IT Security…
•Improve IT Security and Compliance•Reduce Security Capex and Opex expenditures•Focus on core business intitiatives and competances
MSS Value Added Services
Services that MSSPs typically offer:
• Vulnerability Assessments• Penetration Tests• FW Management• IDS Management• VPN Management• Event Mitigation Services• Data Archival
Managed U
TM
Traditional MSS - Customer PremiseEquipment (CPE)
Facilitates Logical and Physical Segmentation Facilitates the addition of non security services such as Dial Back Up, WiFi LAN, Dual / Redundant WAN, 3G connectivity options and rate shaping / QoS NOC/SOC
IPSFirewallAVContent Filtering
Internet
MSS benefits / concerns
• Reduced CAPEX• Economies of Scale around security
services• Top security analysts reviewing log
material• Enhanced correlation and automated
security intelligence available• All updates and patches done!
• Who sees my data?• Compliance responsibilities?• I want access to my FW/Logs!• Will people lose their jobs?
Cloud Security Services
What is Cloud Security
Cloud security is essentially the concept of deliveringsecurity services without CPE. This means thatthe services are typically provisioned at the otherend of the transport medium. End Users
X/DSL / T 1
Internet
Provider Edge
Legend
Clear / Clean Traffic
Potentially “Bad” Traffic
Security Scanning
UTM in the CloudMany carriers and cloud services companies are offeringManaged Security in the Cloud via Unified Threat Management platforms. Why?
•Rapid Portfolio Creation•Seamless Provisioning•Increased Operational Efficiencies•Single Vendor Contract•Simple Licensing•Easy correlation and alerting•VIRTUALIZATION!
Value Added Services Delivery Model
Customer Wins!
Delivering “Clean Pipe” with UTM
Virtualization
Providing virtual UTM services from a single platformto multiple customers and applications.
Cloud Computing Security
These companies want to deliver your:•Applications•Desktops•Storage•High Powered Computing (HPC) Services
…from the internet to your office.And well they should…but how do we secure it?
VirtualMachine
VirtualMachineVirtualMachine
VirtualMachine
VDOM
VDOM
VDOM
VDOM
DB ProvisioningManagerManager
Analyzer
Policy and Event Information Shared
Virtualized
Virtualized
Virtualized
Virtualized
Cloud Computing Security Architecture Example
Cloud benefits / concerns
• Reduced OPEX/CAPEX• 0 point of failure• Disaster recovery / business
continuity outsourced!• Infinitely and instantly scalable
Supports “burst” Scales down for economy
• Who sees my data?• Compliance responsibilities?• Internet reliable?
About Fortinet
Company Overview• Leading provider of ASIC-accelerated Unified Threat Management
(UTM) Security Solutions• Company Stats
Founded in 2000 Silicon Valley based with offices worldwide Seasoned executive management team 1,000+ employees / 500+ engineers 300,000+ FortiGate devices shipped worldwide
• Strong, validated technologies and products 11 patents; 80+ pending Six ICSA certifications (first and only security vendor) Government Certifications (FIPS-2, Common Criteria EAL4+) Virus Bulletin 100 approved (2005, 2006, 2008)
Security Research & Development
Integrated Network Security Appliance
Application Aware,Identity Based Firewall
Routing, Traffic Shaping,Quality of Service,
Server Load Balancing
Network Anti-VirusAnti-MalwareAnti-Spyware
NetworkIntrusion
Prevention
Web URL & ContentFiltering
NetworkApplication
Control & Recording
IPSec VPN &SSL VPN Termination
•Streaming security updates for appliances•Worldwide deployment infrastructure•All original security research & development•Updates for application intelligence, web filtering,intrusion prevention, anti-virus, anti-malware, anti-spyware, vulnerability assessment & database security
•Anti-spam, anti-malware•Server, gateway & transparent•Quarantine, user self service•Archiving, logging & reporting
EmailSecurity Appliance
•Database vulnerability assessment•Security monitoring & auditing•Monitor all access, users, methods•Compliance reporting
DatabaseSecurity Appliance
NetworkData LossPrevention
The Integrated Security Platform
•XML router & accelerator•XML firewall & intrusion prevention•XML denial of service protection•SQL injection & malware protection
Web ApplicationFirewall Appliance
Worldwide Update Service
VulnerabilityManagement Appliance•Auditing•Patch Management•Reporting and Compliance•Smart Automation
Q&A
Thank You.
Kurtis E. Minder [email protected] - [email protected] - kurtisminder (skype)http://www.fortinet.comhttp://www.linkedin.com/in/kurtisminderhttp://www.kurtisminder.com